As I really don't expect a suitable (relatively) concise definition to be posted on here any time soon...... here's a quick one
(..and yes, it's about OUR rights; who knew?):
GDPR stands for the General Data Protection Regulation.
This regulation has been implemented in all local privacy laws across the entire EU and EEA region. It will apply to all companies selling to and storing personal information about citizens in Europe, including companies on other continents.
What GDPR means is that citizens of the EU and EEA now have greater control over their personal data and assurances that their information is being securely protected across Europe.
According to the GDPR directive, personal data is any information related to a person such as a name, a photo, an email address, bank details, updates on social networking websites, location details, medical information, or a computer IP address.
The 8 basic rights of GDPR
Under the GDPR, individuals have:
The right to access – this means that individuals have the right to request access to their personal data and to ask how their data is used by the company after it has been gathered. The company must provide a copy of the personal data, free of charge and in electronic format if requested.
The right to be forgotten – if consumers are no longer customers, or if they withdraw their consent from a company to use their personal data, then they have the right to have their data deleted.
The right to data portability – individuals have a right to transfer their data from one service provider to another, and it must happen in a commonly used and machine-readable format.
The right to be informed – this covers any gathering of data by companies, and individuals must be informed before data is gathered. Consumers have to opt in for their data to be gathered, and consent must be freely given rather than implied.
The right to have information corrected – this ensures that individuals can have their data updated if it is out of date or incomplete or incorrect.
The right to restrict processing – individuals can request that their data not be used for processing. Their record can remain in place, but not be used.
The right to object – this includes the right of individuals to stop the processing of their data for direct marketing. There are no exemptions to this rule, and any processing must stop as soon as the request is received. In addition, this right must be made clear to individuals at the very start of any communication.
The right to be notified – if there has been a data breach which compromises an individual’s personal data, the individual has a right to be informed within 72 hours of the company first having become aware of the breach.
The GDPR is the EU’s way of giving individuals, prospects, customers, contractors and employees more power over their data and less power to the organizations that collect and use such data for monetary gain.
The business implications of GDPR
This new data protection regulation puts the consumer in the driver’s seat, and the task of complying with this regulation falls upon businesses and organizations. Otherwise, you’re failing to comply.
What falls under GDPR compliance?
Well, GDPR applies to all businesses and organizations established in the EU, regardless of whether the data processing takes place in the EU or not. Even organizations established outside the EU will be subject to GDPR: if your business offers goods and/or services to citizens in the EU, then it’s subject to GDPR.
All organizations and companies that work with personal data should appoint a data protection officer or data controller who is in charge of GDPR compliance.
There are tough penalties for those companies and organizations who don’t comply with GDPR: fines of up to 4% of annual global revenue or 20 million Euros, whichever is greater.
Many people might think that the GDPR is just an IT issue, but that is the furthest thing from the truth. It has broad-sweeping implications for the whole company, including the way companies handle marketing and sales activities.
The impact of GDPR on customer engagement
The conditions for obtaining consent are stricter under GDPR requirements as the individual must have the right to withdraw consent at any time and there is a presumption that consent will not be valid unless separate consents are obtained for different processing activities.
This means you have to be able to prove that the individual agreed to a certain action, to receive a newsletter for instance. It is not allowed to assume or add a disclaimer, and providing an opt-out option is not enough.